Oops ( possible) data breach with TESCO ANPR

Half_way

As reported in tech/IT site the Register:
https://www.theregister.co.uk/2019/09/20/tesco_parking_app_10s_millions_anpr_photos_exposed/

Tesco parking app hauled offline after exposing 10s of millions of Automatic Number Plate Recognition images

Ranger Services goes to ground over unsecured Azure blob

Ranger Services, which operated the Azure blob and the parkshopreg.co.uk web app, said it had nothing to add and did not answer any questions put to it by The Register. We understand that they are still investigating the extent of the breach. The firm recently merged with rival parking operator CP Plus and renamed itself GroupNexus.

A malicious person could use the data in the images to create graphs showing the most likely times for a vehicle of interest to be parked at one of the affected Tesco shops.
This was what Reg reader Ross was able to do after he realised just how insecure the database behind the parking validation app was.

And Tesco trying to wash its hands, adn deny any responsibility of the whole thing

A Tesco spokesman told The Register: “A technical issue with a parking app meant that for a short period historic images and times of cars entering and exiting our car parks were accessible. Whilst no images of people, nor any sensitive data were available, any security breach is unacceptable and we have now disabled the app as we work with our service provider to ensure it doesn’t happen again.”
We are told that during a planned data migration exercise to an AWS data lake, access to the Azure blob was opened to aid with the process. While it has been shut off, Tesco hasn’t told us how long it was left open for.
Tesco said that because it bought the car park monitoring services in from a third party, the third party was responsible for protecting the data in law. Ranger Services had not responded to The Register’s questions about whether it had informed the Information Commissioner’s Office by the time of writing.

NCP also implicated, full article here
https://www.theregister.co.uk/2019/09/20/tesco_parking_app_10s_millions_anpr_photos_exposed/

beamerguy

Tesco has a responsibility to ensure their customers are protected

Dave Lewis, the Tesco CEO has demonstrated many times that he favours parking scammers over the customers who pay his wages.

EVERY LIDL HELPS

Johno100

Tesco said that because it bought the car park monitoring services in from a third party, the third party was responsible for protecting the data in law. Ranger Services had not responded to The Register’s questions about whether it had informed the Information Commissioner’s Office by the time of writing.

I somehow suspect the ICO will take some convincing of that.